Malicious worm attacks, steals data from jailbroken iPhones

iPhones with modified software could be vulnerable to a new, malicious worm that can allow remote access and control without the owner's knowledge or permission.

It is estimated that hundreds of users are currently affected by a worm that targets users of "jailbroken" iPhones who live in the Netherlands and use the bank ING Direct. But security company F-Secure told the BBC that the currently isolated issue could easily jump to thousands of handsets. The worm is reportedly spread between phones when they share the same Wi-Fi spot.

For an iPhone to be vulnerable to the new worm, its owner must have willingly modified the handset's software to allow it to run unauthorized code. Phones can be jailbroken to run applications or modify the system in ways not approved by Apple.

The worm only affects jailbroken phones that have SSH (secure shell) installed, without the default password — "alpine" — changed. It employs the same method as a previous worm, Ikee, that was not malicious. Instead, the wallpaper-changing prank simply changed the user's background to a picture of 1980s pop star Rick Astley, who sang the 1987 hit "Never Gonna Give You Up."

But the new worm reportedly has botnet functionality and connects to a Web-based command and control center based in Lithuania.

For now, the worm is only aimed at customers who live in the Netherlands and bank with ING Direct. The online bank intends to put a warning on its Web site.

This summer, a text messaging exploit was discovered by security researcher Charlie Miller that could allow someone to take control of the iPhone. Apple quickly fixed the issue. The exploit exposed the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari.
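The exposure described above is an SSH service that accepts password logins for an account whose default password was never changed. The following is an added example, not part of the original article: it audits the text of an `sshd_config` file for that condition. The sample configurations and the default values are assumptions made for illustration.

```python
# Added example: audit sshd_config text for password-based root login,
# the condition the worm depended on. All sample configs are constructed.

# Assumed compiled-in defaults of an older OpenSSH build, applied when a
# keyword is absent from the file. Newer builds default PermitRootLogin to
# prohibit-password; pass a different dict to model them.
LEGACY_DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}


def effective_settings(config_text, defaults=LEGACY_DEFAULTS):
    """Return the global values sshd would use (first occurrence wins)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # Keyword and value are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks follow; the global section ends here
        if keyword in defaults and keyword not in seen and len(parts) > 1:
            seen[keyword] = parts[1].strip('"').lower()
    return {**defaults, **seen}


def root_password_auth_enabled(config_text, defaults=LEGACY_DEFAULTS):
    """True when root may log in with a password.

    Only PasswordAuthentication is examined; keyboard-interactive login
    through PAM is outside the scope of this check.
    """
    s = effective_settings(config_text, defaults)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"


# Constructed samples: an untouched config and a hardened one.
STOCK = "# PermitRootLogin yes\nPort 22\n"
HARDENED = "PermitRootLogin without-password\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        state = "EXPOSED" if root_password_auth_enabled(text) else "ok"
        print(f"{name}: {state}")
```

A result of `True` means the default password is the only thing standing between the network and a root shell, so changing it (or disabling password login) is the fix.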

Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues

Last Modified: July 30, 2009
Article: HT3743

As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:

Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.

Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.

Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.

Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.

Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.

Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.

This illustrates a very good reason why Apple keeps a tight lock on the iPhone. If this happened to a "locked" iPhone could you imagine the crap that Apple would take!

If you jailbreak your phone you are on your own!

I'm sure Apple will still take some shit for this because some do not understand the vulnerability and think all iPhones are susceptible, or just think that Apple is responsible for anything and everything regardless if the phone is jail-broken.

Have you heard, Jailbreaking your Phone also increases your risk of cancer too.

Those things you listed are grossly exaggerated, and most of those are no-brainers. Of course you're going to have reduced battery life, you're doing more things. Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do install things that mess with my services, I knowingly put them on and I can remove them too, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit; actually, I have 0 problems whatsoever, unlike many of those who upgraded to 3.1.

Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.

Personally, the folks who jailbroke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jailbroken iPhone is dangerous. My guess is that jailbreaking will become much more of a niche market since Apple has continued to improve the iPhone and has a feature set which covers the majority of users' requirements.

No offense taken.

You learn to develop a thick skin on these forums. But your comment wasn't in any way confrontational.

Apple has to cover all the bases when it comes to this. Yes, some of those are exaggerations, and are in the realm of "possible but unlikely." However, when I see the headline: "Malicious worm attacks, steals data from jailbroken iPhones", it does seem rather disturbing. When it comes to your data and (potentially) compromised security re banks, Apple's support page about jailbreaking does resonate a little more with me.

It is a pain to see such posts about jailbreaking. Yes, it is a security risk if you install SSH and don't change the root password, similar to that of jumping out of an airplane without a parachute. Does this mean airplanes should be banned as too much of a security risk? You and Apple would say so.